What is an SSL certificate?

An SSL certificate (also known as a Web Server Certificate, Secure Server
Certificate, and Digital Certificate) works with the SSL protocol to secure
online communications and transactions, and identifies a remote computer,
using cryptography.

SSL certificates are issued by Certification Authorities (CA's),
such as GeoTrust, which vouch for the information contained within the SSL
certificate. Embedded within an SSL certificate is the fully-qualified domain
name of your web site (server), such as www.yourdomain.com. It may also
contain information about your business or organization, such as its legal
name and the geographic location where your business is legally registered
to conduct business.

What will an SSL certificate do for my web site?

An SSL certificate will assure your online visitors that confidential
information and transactions cannot be viewed, intercepted, or altered
by an unauthorized third party when transmitted over the Web or mobile
devices.

How do I know which SSL certificate is right for me?

Do you have test or trial SSL certificates?

How long does it take to get a Web server certificate?

The GeoTrust QuickSSL and QuickSSL Premium SSL certificates can be applied
for and received in about 10 minutes. The processing time for GeoTrust
True BusinessID SSL and Wildcard SSLcertificates is, on average, about
2 days. There are instances when GeoTrust flags QuickSSL and QuickSSL
Premium orders for a manual review and security audit. If this happens
it could take longer while GeoTrust completes its review.

Does it really take just 10 minutes?

The 10 minute delivery time applies to GeoTrust QuickSSL and QuickSSL Premium SSL certificates only. The processing time for GeoTrust True BusinessID SSL and Wildcard SSL certificate is, on average, about 2
days. There are instances when GeoTrust flags QuickSSL and QuickSSL
Premium orders for a manual review and security audit. If this happens
it could
take longer while GeoTrust completes its review.

Can I get an SSL certificate if I live outside the United States?

Sure you can. GeoTrust SSL certificates are issued all over the world.
There are, however, a handful of countries that, legally, GeoTrust cannot
issue to, these are: Angola, Ascension, Cuba, Czechoslovakia, Libya, Iran,
Iraq, Afghanistan, North Korea, Syria, and Yugoslavia.

For QuickSSL and QuickSSL Premium certificates you won't need to send in any supporting
business documents. For True BusinessID and Wildcard SSL you may need to fax in proof-of-organization documents
issued by your local or state government showing that your business or organization
is authorized to do business in your country.

Do I have to have an SSL certificate for each web page
I want to secure?

No. One SSL certificate covers every page within your domain. If your
SSL certificate is issued for www.mydomain.com, then your SSL certificate
will work for https://www.mydomain.com/index.htm, https://www.mydomain.com/support/about_us.html,
https://www.mydomain.com/books/mysteries/authors.html, and so on.

What forms of payment are accepted?

Currently we accept payments using American Express, Visa,
MasterCard, and PayPal. Companies and Organizations that have made
advance arrangements with us may also place an order using a purchase
order.

Do I have to have a Dun and Bradstreet (DUNS) number to apply?

Can I get a refund once my certificate has been issued?

Yes. GeoTrust will replace, revoke, or refund SSL certificates that have
been issued within thirty (30) days of the SSL certificate issue date for
the same domain. If you order an SSL certificate and decide you no longer
want it within thirty days of the issue date, your money will be refunded.
Learn more about cancellations and refunds.

Will the gold padlock icon illuminate in the browser with
GeoTrust SSL certificates?

How do I know this site is for real and not just trying to yank my
chain?

We invite you to contact GeoTrust
and inquire as to our relationship. We've been marketing, selling,
and supporting their great products for years. You may reach GeoTrust by
calling 1-866-GeoTrust (866-436-8787) or 678-366-8399 for International
callers.

Some of our SSL customers include
IBM, General Motors (GM), UCLA, Morgan Stanley, Columbia University,
The WD-40 Company, The Circuit Court of Baltimore, The
Seattle Seahawks and more. We've
built a solid business by providing a great product at a fair price
followed up
by outstanding
customer
support. We'd like the opportunity to do the same for you.

Will I be getting exactly the same SSL certificate that
GeoTrust offers on their site?

Yes, only for much cheaper. As you place an online order on this site, our system communicates with GeoTrust's system in real
time. GeoTrust generates the new SSL certificate and then we send
it on to you.

How can you sell SSL certificates for less than GeoTrust sells them?

There's really no magic to it. With our direct relationship with
GeoTrust we're able to buy large blocks of SSL certificates at deep discounts.
We use our buying power to save you money. GeoTrust is happy, we're happy,
and you'll be happy for saving money on a name brand SSL certificate at
a fair price.

How much is the renewal price?

Currently our renewal prices are the same as our new SSL certificate
prices. So, if the new price of, say ,QuickSSL is $99 today, so is the
renewal price for QuickSSL today. Our renewal prices will NEVER be higher
than our regular new certificate prices for the same type of SSL certificate.

If I decide to change ISP's, can I move my certificate with me?

Yes. Every GeoTrust SSL certificate issued comes with free re-issues and replacements for the life of your SSL certificate
for the exact same fully-qualified-domain name. So, if you need move
your SSL certificate
you may export the keys to your new server, or you may generate a
new CSR request on the new server and have your certificate re-issued.

Will my site need to have a unique IP address for the
certificate to work?

Yes. You need to have a unique IP address for each domain you want to secure.
This is not a GeoTrust thing, but rather an SSL protocol thing and has to
do with the Secure Sockets Layer working below the application layer. Any
site that wants to use an SSL certificate must have its own unique IP address
that is not shared by another site. The IP can be real (routable) or internal
(RFC 1918 non-routable
address) but, it must be unique on the server. Please also note that it
doesn't matter if the IP address you assign to the site changes later.
If you decide to change the IP address later you won't need to get
a new SSL certificate. The SSL certificate must be bound to an IP, but not
a specific IP. Your hosting company should be able to set you up with a
unique IP address if you don't already have one.

An ISP hosts my site. Can I still purchase and use a GeoTrust SSL certificate
on my site?

Can I renew my GeoTrust SSL certificate here even though I bought it
somewhere else?

Sure, all you need is a Certificate Signing Request (CSR) to get started.
Sometimes you can use the CSR from last year, other times you must generate
a new CSR. It just depends what type of server environment you're
site is hosted on. If you didn't originally purchase from this
site you should start the order off as a NEW order. As you progress through
the online order process, and your CSR is decoded, GeoTrust's system
will let our system know that this is a renewal order and we'll
automatically change your order type from New to Renewal during the ordering
process.

What is a dynamic Site Seal? Do I need one?

A dynamic site seal is a security icon graphic for you to display on
your site. This prominently displayed smart site seal guarantees online
visitors they will receive the highest level of encryption possible.
Clicking the seal reveals the authenticity of your site.

Get a site seal if you want to assure your online visitors your site
is verified by a trusted third party like GeoTrust. Both GeoTrust QuickSSL
Premium, GeoTrust True BusinessID, and Wildcard SSL come with dynamic
site seals.

The QuickSSL Premium Site Seal

This is an sample QuickSSL Premium site seal. The actual seal
will features a live date/time stamp and right-click copy is
disabled to prevent
spoofing.

The True BusinessID Site Seal

This is a sample True Business ID True Site
Smart Seal. The actual seal will disable right-click copy-and-save
features to prevent spoofing. Your company's name is embedded
in the graphic along with a live date/time stamp. Online visitors
learn more about your organization by clicking on the "click" icon.

will work for one fully-qualified domain name (FQDN)
only. This is because your domain name is embedded into the SSL certificate
and is valid only for that domain. If you need to secure different
domain names you'll need a separate SSL certificate for each one.
The one exception is a Wildcard
SSL certificate, which will secure
unlimited sub domains using the same base domain.

Can I install the same SSL certificate on multiple servers?

Do you support Server Gated Cryptography (SGC)?

Years ago it was illegal in the US to export 128-bit high-encryption
due to national security concerns. So, browser developers like Microsoft
and Netscape had to offer two versions of their browsers: a high-encryption
version for US customers and a low-encryption export version for customers
outside the US. The export versions could only support up to 56-bit encryption.
Server Gated Cryptography (SGC) was a way to legally "bump up" a
session to a 128-bit connection even on the low-encryption export
browsers. In early 2000 the US government relaxed its ban on exporting
high-encryption,
making it available for export outside the US, and, as a result,
the need for SGC began to fade away. For this reason GeoTrust made a
decision
not to offer SGC.

I need an X.509 SSL certificate, do you have that?

Are the GeoTrust root CA certificates pre-installed in
popular web browsers?

Yes, you will see the GeoTrust roots listed as GeoTrust or Equifax.
In Internet Explorer, from the top menu, go to Tools
> Internet Options then select the Content tab.
In the Certificates section click the Certificate
button and then select the Trusted Root Certification Authorities
tab.

How are GeoTrust and Equifax related?

GeoTrust was founded years ago by a few key people from Equifax Secure.
In 2001 GeoTrust acquired Equifax Secure, which included the Equifax root
certificates. Now, GeoTrust has become the world's second largest
SSL provider.

If I install a GeoTrust SSL certificate, will users of my site have
to install anything on their end?

GeoTrust's root certificates come pre-installed on 99% of all
web browsers in use today. So, unless the user is using a very, very
old browser, he or she won't have to do or install anything when
they visit your site. The user experience will be seamless.

What is the encryption strength of GeoTrust certificates?

All GeoTrust SSL certificates now support up to 256-bit encryption.
That means that if the user's browser supports 256 and your web
server supports 256, the SSL session will be 256. If 256 is not supported
by both the browser and the server, the SSL session steps down to 128.
Mozilla's Firefox web browser now supports 256 and others, such
as Microsoft, are likely to follow. Going forward the shift will be from
128 to 256.

Will GeoTrust certs work in smartphones and other PDA devices?

My domain is registered to me as an individual, can
I still get a cert?

Yes. If you domain is registered to, say, Jane Doe, then you will need
to generate your CSR with "Jane Doe" in the Organization field (where
you would normally put your company's name). Then, once you have
placed an online order, you will be required to fax in a copy of
your valid drivers license or valid passport, issued to "Jane Doe".
Keep in mind that this does not apply to QuickSSL nor QuickSSL Premium;
which do not require any proof-of-organization documents.

Do you have a reseller program?

What should I do if my company is not the registered owner of the domain?

This would only be a concern if you are trying to purchase a True BusinessID or Wildcard SSL certificate. If your company is not the registered owner of the
domain, as verified through a WHOIS
lookup, you must get the registrant information changed prior to submitting
an SSL certificate application. You can usually change the registrant information
yourself by logging in where you registered your domain and making the changes.
Any changes you make to the WHOIS record may take 24-48 hours to update.

How will I know if my application for a GeoTrust Web server certificate
has been successful?

What is a Wildcard SSL certificate?

A Wildcard SSL certificate is used to secure unlimited sub domains that
share a common base domain. For example, if your base domain is 'books.com',
you can secure sales.books.com, www.books.com, secure.books.com, and
shop.books.com with one Wildcard SSL certificate.

How do I use a Wildcard SSL certificate in IIS?

Say you have five sites in IIS where you want to use one Wildcard SSL certificate. You'd pick one of the sites and generate a CSR in IIS for that site using *.yourdomain.com as the Common
Name field. When the order is complete and the Wildcard certificate
is sent to you by email, you go back to that site in IIS and import
the
Wildcard certificate. Then, using the Web Server Certificate Wizard in IIS,
go to each of the other four sites and assign an existing
certificate to each of
the remaining four sites. Note that each site using the Wildcard SSL certificate
must have its own IP.

How many sub domains can I secure with a Wildcard certificate?

Unlimited, as long as each sub domain shares the same common base domain.
If your base domain is 'books.com', you can secure sales.books.com,
www.books.com, secure.books.com, and shop.books.com with one Wildcard SSL certificate.

What is a Certificate Signing Request (CSR)?

The Certificate Signing Request (CSR)
is a small, encrypted text file. The CSR contains information about
your organization and the domain you
wish to secure. A CSR is what you give to a Certification Authority,
such as GeoTrust, to generate your SSL certificate. It is an essential
part of obtaining an SSL certificate.

How do I generate a CSR?

If you have access to your web server you can generate your own CSR, otherwise your hosting provider or server administrator
will need to help you. Some well known control panels (Ensim, Plesk, cPanel,
etc.) will allow you to generate your own CSR if your hosting provider has
enabled that feature for you. How you generate your CSR depends on the brand
of web server software your domain is hosted on.

Can I sign up without a CSR and just submit one later?

What is the Common Name (CN) in the CSR?

The Common Name (CN) is the fully-qualified domain name
for your web server. This must be an exact match. For example: if you intend
to secure the URL https://www.yourdomain.com, then your CSR's Common Name
must be www.yourdomain.com.

I need to secure multiple load-balanced servers, do I use the same CSR for each server?

If you need to install an SSL certificate and private key on multiple servers
you should generate a CSR from the first machine and isntall the issued SSL certificate on
that machine. Once installed on the first machine you should make a backup of your private
key and SSL certificate and import it to machine #2, and so on. So, you will only
be generating one CSR and using the same keys for each machine. If you are working
with Windows IIS servers this is an easy task. Please see our tutorial
Exporting/Importing SSL Certificates Between Windows Servers.